Since z/VM 5.2, CP uses DAT itself, so it can map 64 bit real addresses in
its 32bit address space (that's how I understand it). CP's view of the
storage is called LOGICAL storage, hence the L in ST HL.
2007/3/23, Rich Greenberg <[EMAIL PROTECTED]>:
On: Fri, Mar 23, 2007 at 05:45:46PM +0100,Co
On: Fri, Mar 23, 2007 at 05:45:46PM +0100,Colin Allinson Wrote:
} I guess this is how I really should do it but, as we are talking about a
} system with no RACF installed, I quite like the little workaround supplied
} by Rich Greenberg. Incidentally, I have tested this and it works very well
}
I'll check it out if and when I get a system back.
Regards,
Richard Schuh
-Original Message-
From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On
Behalf Of Bob Bolch
Sent: Friday, March 23, 2007 11:23 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Building NonRACF CP Modu
I mis-remembered. My files show it's on the VMSECURE 192.
Bob Bolch
-Original Message-
From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On
Behalf Of Schuh, Richard
Sent: Friday, March 23, 2007 1:44 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Building NonRACF CP Module
Look on VMSECURE 192.
-Original Message-
From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On
Behalf Of Schuh, Richard
Sent: March 23, 2007 13:44
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Building NonRACF CP Module
We do not seem to have that command, at least not on the 176
] On
Behalf Of Bob Bolch
Sent: Friday, March 23, 2007 8:42 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Building NonRACF CP Module
If something doesn't meet your requirements, our support folks would be
happy to create an enhancement request for you. As Dennis pointed out,
using this command
Thankyou to everyone who has responded to this - particularly for the
examples of how to do the PPF's for this.
I guess this is how I really should do it but, as we are talking about a
system with no RACF installed, I quite like the little workaround supplied
by Rich Greenberg. Incidentally, I
riginal Message-
From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On
Behalf Of Stracka, James (GTI)
Sent: Friday, March 23, 2007 9:30 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Building NonRACF CP Module
No wonder it is not documented. It is a nasty command as it does not
display o
Sent: Thursday, March 22, 2007 4:10 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Building NonRACF CP Module
Richard,
I saw Bob Bolch's not about the undocumented command. We've never
needed to use it, because VM:Secure has a list of userids and ACI groups
in VMXRPI CONFIG that have spec
Richard Schuh
-Original Message-
From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On
Behalf Of Bill Munson
Sent: Thursday, March 22, 2007 7:41 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Building NonRACF CP Module
COOL - what a great feature!
munson
Alan Altmark wrote:
>
Behalf Of Bob Bolch
Sent: Thursday, March 22, 2007 11:02 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Building NonRACF CP Module
VM:Secure has an undocumented command for this purpose. It requires that
the
issuer ID be authorized by having an IUCV *RPI record in its directory
entry.
The command is
On Mar 22, 2007, at 1:07 PM, Neale Ferguson wrote:
Too many games of adventur [sic] for those developers me thinks...
ITYM ADVENT [sic]
Adam
Too many games of adventur [sic] for those developers me thinks...
On Thu, 2007-03-22 at 14:02 -0400, Bob Bolch wrote:
> VMXYZZY [ENABLE|DISABLE]
System [mailto:[EMAIL PROTECTED] On
Behalf Of Schuh, Richard
Sent: Thursday, March 22, 2007 12:19 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Building NonRACF CP Module
I heartily concur. It would be nice if VM:Secure had the same
capability.
Regards,
Richard Schuh
My overrride makes I run
VMFBLD ZVM CPNORACF CPLOAD * NUCTARG MODULE MODNAME CPNORACF (ALL
(which is burried in an exec of a few lines)
--
Kris Buelens,
IBM Belgium, VM customer support
While I do use a different name for my PPF file
(POL PPF), I think the important thing to
change is the *component* name.
IBM has CP in ZVM (do you really use those
long complicated base PPF names?), so I could
have CPTYPE1 CPTYPE2 etc. Or, as I really
do have: CPTEST CPPROD.
(Since I am using
On: Thu, Mar 22, 2007 at 01:11:33PM -0400,David Kreuter Wrote:
} Storing into CP? What does this gain that SEND RACFVM SETRACF INACTIVE
doesn't?
You can't do the SEND if RACFVM is dead and can't/won't come up.
} Issuer will need class C or E.
Which OPERATOR normally has. See the notes I added
On: Thu, Mar 22, 2007 at 01:10:57PM -0400,Rich Greenberg Wrote:
} Here is an exec that can disable RACF:
I should have clarified why and when you would use this exec.
Why: The RACF server can't be brought up or its database is missing or
. and you need to get some functionally up and running
On Thursday, 03/22/2007 at 01:10 AST, Rich Greenberg <[EMAIL PROTECTED]>
wrote:
> Here is an exec that can disable RACF:
Poking into CP? What's that all about? On your system please make sure
no one has access to the STORE.C profile and that STORE.C is controlled.
Your sysprogs are dangerous!
I'm lazy too, and confess to doing something similar. But the official way
would be to create an override, do your work,
and regress back to the original.
-Original Message-
From: The IBM z/VM Operating System on behalf of Alan Altmark
Sent: Thu 3/22/2007 1:15 PM
To: IBMVM@LISTSERV.UARK
On Thursday, 03/22/2007 at 12:40 AST, David Kreuter
<[EMAIL PROTECTED]> wrote:
> Why do you endorse circumventing ppf override?
If the override can be a different name that the base, that's ok. You
don't want to end up with a modified (via overrides) 5VMCPRxx PPF, as that
would mess up the "re
Storing into CP? What does this gain that SEND RACFVM SETRACF INACTIVE doesn't?
Issuer will need class C or E.
David
-Original Message-
From: The IBM z/VM Operating System on behalf of Rich Greenberg
Sent: Thu 3/22/2007 1:10 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: [IBMVM] Building NonRA
Here is an exec that can disable RACF:
/* Disable RACF.
Use with CAUTION!
*/
false = (1=0)
true = (1=1)
Address COMMAND
Trace O
/*
See if RACFVM is logged on.
Procede ONLY if its not.
*/
'CP QUERY USER RACFVM'
if rc = 0
then do
say 'RACFVM is logged on.'
say 'Enter "Y
I wondered the same thing. It appears to be at odds with everything
Alan and Chuckie have taught us.
Jim
David Kreuter wrote:
Why do you endorse circumventing ppf override?
David
Alan said:
The general idea is:
1. Copy your 5vmcp... PPF file to something else. Don't do an =
overr
Why do you endorse circumventing ppf override?
David
Alan said:
The general idea is:
>1. Copy your 5vmcp... PPF file to something else. Don't do an override.
On Thursday, 03/22/2007 at 03:52 CET, Colin Allinson
<[EMAIL PROTECTED]> wrote:
> The circumstance I am thinking about is where we have one (limited use)
system
> that has no RACF database and no RACFVM server. RACF would not be
enabled in
> the SYSTEM CONFIG (RACF will not be licensed on thi
: Building NonRACF CP Module
COOL - what a great feature!
munson
Alan Altmark wrote:
> On Thursday, 03/22/2007 at 08:54 EST, Sebastian Welton
<[EMAIL PROTECTED]>
> wrote:
>> I've had to do this where RACF was shared with MVS systems. If the
MVS
>> systems went down th
I create a non-RACF CP nuc for cases where we would not be able to start-up
RACFVM, nor RACMAINT, so SETRACF INACTIVE would not be possible. (e.g. RACF
DB on 200 & 300 damaged).
We never needed it since we started with VM about 18 years ago.
*Alan Altmark <[EMAIL PROTECTED]>* wrote:
If anyon
Alan Altmark <[EMAIL PROTECTED]> wrote:
> If anyone cares, you can CP SEND RACFVM SETRACF INACTIVE. This will
cause
> the CP-resident RACF code to begin to defer all requests back to CP, as
> though RACF is not present, including LOGON. You don't have to
deactivate
> any classes or change a
Alan:
Will this command also work with "other" products - like Top
Secret?
David Wakser
InfoCrossing
>
> If anyone cares, you can CP SEND RACFVM SETRACF INACTIVE. This will
> cause the CP-resident RACF code to begin to defer all requests back to
> CP, as though RACF is not present,
COOL - what a great feature!
munson
Alan Altmark wrote:
On Thursday, 03/22/2007 at 08:54 EST, Sebastian Welton <[EMAIL PROTECTED]>
wrote:
I've had to do this where RACF was shared with MVS systems. If the MVS
systems went down then VM was pretty much stuffed so we then just needed
to
IPL wi
On Thursday, 03/22/2007 at 08:54 EST, Sebastian Welton <[EMAIL PROTECTED]>
wrote:
> I've had to do this where RACF was shared with MVS systems. If the MVS
> systems went down then VM was pretty much stuffed so we then just needed
to
> IPL with the alternate CPLOAD module. Naturally no RACF was av
I've had to do this where RACF was shared with MVS systems. If the MVS
systems went down then VM was pretty much stuffed so we then just needed
to
IPL with the alternate CPLOAD module. Naturally no RACF was available but
the way VM is built its pretty much secure for the average user. In fact
goo
I too use some PPF overrides to make a CP nucleus a with and one without
RACF. A piece of cake if you master PPFs.
I don't have the details here.
--
Kris Buelens,
IBM Belgium, VM customer support
A long time ago (1992)
I had an EXEC I wrote that that after running setup
it looked for a cntrl file setup for RACF.
Racf was installed as a LOCAL MOD back then.
'State HCPVM CNTRLIBM * '
If it was there then RACF was on the system
if not then RACF was not on the system (in the nucleus).
there
I have one system with VMSECURE as the ESM,
and one with my own "esm" (haha).
I use two PPF files, but I wont be in the office till Thursday,
and I don't remember exactly what the differences are.
I seem to remember that I have 'conditional overrides'
in a CNTL file too.
I hope to send a better a
Colin,
I don't have experience with RACF, so I'm not sure if it is installed as "a
LOCALMOD" to the LOCALMOD disk/directory.
If it is, we do this type of thing all the time. Each test system has its own
PPF that points to a unique LOCALMOD disk/directory for CP and CMS
corresponding to how
37 matches
Mail list logo
